final Date expiration = claimsSet.getExpirationTime();
if (idClaims.getExpirationTime() == null) { throw new AuthenticationServiceException("Id Token does not have required expiration claim"); } else { if (now.after(idClaims.getExpirationTime())) { throw new AuthenticationServiceException("Id Token is expired: " + idClaims.getExpirationTime());
if (jwtClaims.getExpirationTime() == null) { throw new AuthenticationServiceException("Assertion Token does not have required expiration claim"); } else { if (now.after(jwtClaims.getExpirationTime())) { throw new AuthenticationServiceException("Assertion Token is expired: " + jwtClaims.getExpirationTime());
/** * Validates a Knox token with expiration and begin times and verifies the token with a public Knox key. * @param jwtToken Knox token * @param userName User name associated with the token * @return Whether a token is valid or not * @throws ParseException JWT Token could not be parsed. */ protected boolean isValid(SignedJWT jwtToken, String userName) throws ParseException { // Verify the user name is present if (userName == null || userName.isEmpty()) { LOG.info("Could not find user name in SSO token"); return false; } Date now = new Date(); // Verify the token has not expired Date expirationTime = jwtToken.getJWTClaimsSet().getExpirationTime(); if (expirationTime != null && now.after(expirationTime)) { LOG.info("SSO token expired: {} ", userName); return false; } // Verify the token is not before time Date notBeforeTime = jwtToken.getJWTClaimsSet().getNotBeforeTime(); if (notBeforeTime != null && now.before(notBeforeTime)) { LOG.info("SSO token not yet valid: {} ", userName); return false; } return validateSignature(jwtToken); }
Preconditions.checkArgument(claims.getIssueTime().before(currentTime)); Preconditions.checkArgument(claims.getExpirationTime().after(currentTime));
public boolean requiresRefresh() { // Uh, just do it a day ahead, why not? return jWTClaimsSet.getExpirationTime().toInstant().isBefore(Instant.now(Clock.systemUTC()).plusSeconds(86400L)); }
private Date getExpirationDate(SignedJWT token) { try { return token.getJWTClaimsSet() .getExpirationTime(); } catch (ParseException e) { e.printStackTrace(); return null; } } }
public boolean requiresRefresh() { // Uh, just do it a day ahead, why not? return jWTClaimsSet.getExpirationTime().toInstant().isBefore(Instant.now(Clock.systemUTC()).plusSeconds(86400L)); }
@Override public boolean verify(final JWSHeader header, final byte[] signingInput, final Base64URL signature) throws JOSEException { boolean value = super.verify(header, signingInput, signature); long time = System.currentTimeMillis(); return value && claimsSet.getNotBeforeTime().getTime() <= time && time < claimsSet.getExpirationTime().getTime(); } }
private boolean verifyExpiration(JWT jwtToken) throws IOException { try { Date expire = jwtToken.getJWTClaimsSet().getExpirationTime(); if (expire != null && new Date().after(expire)) { return false; } Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime(); if (notBefore != null && new Date().before(notBefore)) { return false; } } catch (ParseException e) { throw new IOException("Failed to get JWT claims set", e); } return true; }
private boolean verifyExpiration(JWT jwtToken) throws IOException { try { Date expire = jwtToken.getJWTClaimsSet().getExpirationTime(); if (expire != null && new Date().after(expire)) { return false; } Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime(); if (notBefore != null && new Date().before(notBefore)) { return false; } } catch (ParseException e) { throw new IOException("Failed to get JWT claims set", e); } return true; }
@Override public Date getExpiresDate() { Date date = null; try { date = jwt.getJWTClaimsSet().getExpirationTime(); } catch (ParseException e) { log.unableToParseToken(e); } return date; }
@Override public Date getExpiresDate() { Date date = null; try { date = jwt.getJWTClaimsSet().getExpirationTime(); } catch (ParseException e) { log.unableToParseToken(e); } return date; }
@Override public JWTClaimsSet parseToken(String token, String audience) { JWTClaimsSet claims = parseToken(token); LecUtils.ensureCredentials(audience != null && claims.getAudience().contains(audience), "com.naturalprogrammer.spring.wrong.audience"); long expirationTime = claims.getExpirationTime().getTime(); long currentTime = System.currentTimeMillis(); log.debug("Parsing JWT. Expiration time = " + expirationTime + ". Current time = " + currentTime); LecUtils.ensureCredentials(expirationTime >= currentTime, "com.naturalprogrammer.spring.expiredToken"); return claims; }
public static IETFTokenExchangeResponse idToken(String idToken) throws ParseException { IETFTokenExchangeResponse token = new IETFTokenExchangeResponse(); token.additionalInformation.put("issued_token_type", OrcidOauth2Constants.IETF_EXCHANGE_ID_TOKEN ); token.value = idToken; token.tokenType = "N_A"; SignedJWT claims = SignedJWT.parse(idToken); token.expiration = claims.getJWTClaimsSet().getExpirationTime(); return token; }
@Override public void verify(final JWTClaimsSet claimsSet, final C context) throws BadJWTException { final Date now = new Date(); final Date exp = claimsSet.getExpirationTime(); if (exp != null) { if (! DateUtils.isAfter(exp, now, maxClockSkew)) { throw EXPIRED_JWT_EXCEPTION; } } final Date nbf = claimsSet.getNotBeforeTime(); if (nbf != null) { if (! DateUtils.isBefore(nbf, now, maxClockSkew)) { throw JWT_BEFORE_USE_EXCEPTION; } } } }
@Override public boolean isExpired() { if (getTokenExpirationAdvance() < 0) return false; else { try { JWT jwt = this.getIdToken(); JWTClaimsSet claims = jwt.getJWTClaimsSet(); Date expiresOn = claims.getExpirationTime(); Calendar now = Calendar.getInstance(); now.add( Calendar.SECOND, getTokenExpirationAdvance() ); return expiresOn.before(now.getTime()); } catch (ParseException e) { throw new TechnicalException(e); } } } }
private boolean validateRequiredFields(JWTClaimsSet claimsSet) throws IdentityOAuth2Exception { String subject = resolveSubject(claimsSet); List<String> audience = claimsSet.getAudience(); String jti = claimsSet.getJWTID(); if (StringUtils.isEmpty(claimsSet.getIssuer()) || StringUtils.isEmpty(subject) || claimsSet.getExpirationTime() == null || audience == null || jti == null) { throw new IdentityOAuth2Exception("Mandatory fields(Issuer, Subject, Expiration time," + " jtl or Audience) are empty in the given Token."); } return true; }
private Jwt createJwt(JWT parsedJwt, JWTClaimsSet jwtClaimsSet) { Instant expiresAt = null; if (jwtClaimsSet.getExpirationTime() != null) { expiresAt = jwtClaimsSet.getExpirationTime().toInstant(); } Instant issuedAt = null; if (jwtClaimsSet.getIssueTime() != null) { issuedAt = jwtClaimsSet.getIssueTime().toInstant(); } else if (expiresAt != null) { // Default to expiresAt - 1 second issuedAt = Instant.from(expiresAt).minusSeconds(1); } Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject()); return new Jwt(parsedJwt.getParsedString(), issuedAt, expiresAt, headers, jwtClaimsSet.getClaims()); }
private void validateRequiredClaims(JWTClaimsSet claims) throws MissingRequiredClaimException { checkClaimNotNull(claims.getAudience(), Claim.AUDIENCE); checkClaimNotNull(claims.getIssuer(), Claim.ISSUER); checkClaimNotNull(claims.getJWTID(), Claim.JWT_ID); checkClaimNotNull(claims.getIssueTime(), Claim.ISSUED_AT); checkClaimNotNull(claims.getExpirationTime(), Claim.EXPIRY); }